DDoS attacks affecting more countries than ever before

A total of 23,095 DDoS attacks were carried out on web resources located in 76 countries in the first quarter of 2015, up 15 per cent from the 66 countries affected in the final quarter of last year.

This is one of the findings of a new study by cyber security firm Kaspersky Lab into the botnet-assisted DDoS attack landscape. But although the geography is expanding the overall number of botnet-assisted attacks is down by 11 per cent and the number of unique victims down by eight per cent.

Servers in the US, Canada and China are targeted most frequently. The study also finds that the greatest number of attacks on a single web resource in Q1 2015 was 21, compared to 16 in Q4 2014, and the most prolonged botnet attack occurred for almost six days.

"A DDoS attack is often a cross-border effort; the customer is located in one country, the executor in another, the C&C servers are hosted in a third country, and the bots involved in the DDoS attack are scattered across the world," says Evgeny Vigovsky, Head of DDoS Protection at Kaspersky Lab. "This often makes it more complicated to investigate attacks, take down botnets and catch those responsible. Although cybercriminals do not limit their DDoS toolkits to botnets alone, this is still a widespread and dangerous tool, and it demands preventive protection measures from potential targets, i.e. web resources".

The fact that China and the US for most frequently attacked countries and highest numbers of victims is, says Kaspersky Lab, down to low hosting prices that encourage many companies to have their sites located in those countries.

The most attacks on a single resource were against a Russian language website belonging to an investment group. A Vietnamese wedding services site was second most attacked, and a US hosting provider third.

Only three sites suffered attacks of more than 100 hours, down significantly from 13 in the final quarter of 2014. However, as the report points out even a short, one-off attack can make a site inoperable and cost the victim both financially and in damage to reputation.

The full report with much more detail is available from the Kaspersky Lab site. There's also an infographic showing the geographical breakdown of attacks below.